Add option to set --skip-schema-validation flag to skip schema validation on deployments

[ryan-cahill]

Description

I'm using Terraform to create Kubernetes resources in an air-gapped environment. Because Helm runs validation on chart schemas by default before attempting to deploy the chart, installing nginx-ingress with the Helm provider fails when there is no internet connection. The error looks like the snippet below:

╷
│ Error: values don't meet the specifications of the schema(s) in the following chart(s):
│ nginx-ingress:
│ Get "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.32.0/_definitions.json": dial tcp: lookup raw.githubusercontent.com on 127.0.0.53:53: server misbehaving
│ 
│   with helm_release.nginx_helm_chart,
│   on nginx.tf line 2, in resource "helm_release" "nginx_helm_chart":
│    2: resource "helm_release" "nginx_helm_chart" {
│ 
╵

It looks like this problem was solved in Helm itself with this MR. It would be useful for something like this to be available in the Terraform provider to avoid awkward workarounds.

To reproduce, pull the Helm chart with the command helm pull oci://ghcr.io/nginx/charts/nginx-ingress --version 2.0.1. This will download the file nginx-ingress-2.0.1.tgz.

terraform {
  required_providers {
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "2.36.0"
    }
    helm = {
      source  = "hashicorp/helm"
      version = "2.17.0"
    }
  }
}

provider "kubernetes" {
  config_path = "<your-kube-config-path>"
}

provider "helm" {
  kubernetes {
    config_path = "<your-kube-config-path>"
  }
}

resource "helm_release" "nginx_helm_chart" {
  name             = "nginx-ingress"
  namespace        = "nginx-ingress"
  create_namespace = true

  chart = "./nginx-ingress-2.0.1.tgz"
}

Disable your internet connection. Then run terraform plan -out tfplan followed by terraform apply tfplan.

Potential Terraform Configuration

I'd like to suggest adding a top-level flag on the helm_release resource to set this value. Something like

resource "helm_release" "nginx_helm_chart" {
  name             = "nginx-ingress"
  namespace        = "nginx-ingress"
  create_namespace = true

  skip_schema_validation = true # <--

  chart = "./nginx-ingress-2.0.1.tgz"
}

References

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

[zumic96]

I have other but similar issue with schema validation that I think it would be solved with this.
Recently I have added schema on some of my charts and thought to use disable_openapi_validation parameter but it doesn't seem to have any effect.

I want to disable schema validation on my helm_template and helm_release resources when running terraform, to not break some old deployments that have some outdated element in their values, so invalid schema, and I will evaluate values outside of terraform to print out a warning message in my CD system instead.

Using provider v2.17.0

[Rubatharisan]

I am also interested in this feature - is anyone working on a PR to accomplish this?